You are less anonymous on the web than you think—much less

October 26, 2016, Stanford University
Credit: Stanford University

If you still think you can be anonymous on the internet, a team of Stanford and Princeton researchers has news for you: You can't. Over the summer, the team launched what they called the Footprints Project, which invited individuals to participate in an online experiment that allowed researchers to access their anonymous web browsing history, including information about active Twitter usage. Based on that information alone, Footprints successfully identified 11 out of 13 people who visited the site on its first day of operation.

"I think the first thing I messaged was: 'This is kind of scary,'" says Stanford undergraduate Ansh Shukla, a senior studying mathematics, who is working on the project with Stanford Engineering assistant professor Sharad Goel and Stanford computer science PhD student Jessica Su.

The researchers ended the Footprints experiment in October. By then almost 300 users had visited the site, and the system had accurately identified 80 percent of them.

How did it work? Users voluntarily participated in Footprints. That gave the researchers permission to gather the names of any websites that a participant clicked on through Twitter while using Google Chrome. This unique set of links is a fingerprint. To find that user, the researchers crawled through millions of Twitter profiles to see who everyone is following.

So imagine that Jane Doe, John Smith and Susie Q all participated anonymously, and that each of these three volunteers follow 100 Twitter accounts. All three might follow the official Stanford Engineering Twitter account. But Jane and John also follow the New York Times' Twitter account for their news, while Susie instead follows the Los Angeles Times as her newspaper of choice. Researchers can then deduce that the person who visited links tweeted from Stanford Engineering and the New York Times is more likely to be Jane or John, not Susie.

"Although we happen to use Twitter, it's not like Twitter is uniquely vulnerable," Shukla says. "It doesn't take a lot of recorded characteristics to have people become unique."

This project is part of a growing body of research that brings heightened alarm to privacy vulnerabilities on the web. For most websites we visit, we often implicitly consent to be tracked through a terms of service or "cookie" (a small file of identifying information left on a computer when you browse online) policy. Footprints researcher Arvind Narayanan, an assistant professor of computer science at Princeton, previously published a paper that demonstrated how data anonymization is broken on the web. The work became well known outside of academia because Narayanan cross-referenced Netflix user data with Internet Movie Database (IMDb) users to uniquely identify individuals.

The Footprints researchers know that online privacy risks are not new, but their latest research is "another nail in the coffin" to the idea that the average person with the average web browser can be private online, Shukla explains. "You should kind of go into the internet assuming that everything you go to someone might learn about someday," he says.

Shukla says that even though many advertisers and internet companies might not initially know your name, they likely have most of your anonymous browsing history – even if you regularly clear your cookies. This data might be used by a commercial entity to link an anonymous person with a real identity – something that's lucrative for an advertiser – by cross-referencing databases. So an anonymous person who keeps visiting certain furniture websites might eventually be identified and targeted through a direct mail campaign. Or a political campaign might be able to target a specific voter.

Shukla hopes that as people realize how easy it is to track their digital , this will lead to a change of policy, such as collecting far less data. He also envisions new technologies to empower consumers that are more powerful than the "do not track" setting on browsers – an injunction often ignored by websites. "Security theater," Shukla says.

Goel notes that most people don't even realize they are leaving behind digital footprints. "We conceived this as a consciousness-raising project," he says, adding that he and his team plan to write a journal article about the Footprints experiment.

Explore further: Can we protect against computers being fingerprinted?

More information:

Related Stories

Twitter offers personalized advice on whom to follow

May 18, 2012

Twitter wants to guide new hatchlings as they venture out of the virtual nest with its experimental tailored suggestions of whom to follow. This personalization comes on the heels of the company's confirming that users also ...

You are not as anonymous as you think online

June 7, 2016

You may not be anonymous as you think you are online; reveals a new study published on Frontiers in ICT. Your browsing behavior can indicate your personality and provide a unique digital signature which can identify you, ...

Twitter expands privacy on direct messages

April 20, 2015

Twitter said Monday it was making it easier to take direct messages private, carving out a bigger space for targeted exchanges on the popular microblogging service.

Twitter says its ads pay off for candidates

October 10, 2012

Twitter released a study Wednesday showing its paid messages pay off for political candidates, not only in garnering attention but in driving campaign contributions.

Recommended for you

Pushing lithium ion batteries to the next performance level

December 13, 2018

Conventional lithium ion batteries, such as those widely used in smartphones and notebooks, have reached performance limits. Materials chemist Freddy Kleitz from the Faculty of Chemistry of the University of Vienna and international ...

Uber filed paperwork for IPO: report

December 8, 2018

Ride-share company Uber quietly filed paperwork this week for its initial public offering, the Wall Street Journal reported late Friday.


Adjust slider to filter visible comments by rank

Display comments: newest first

5 / 5 (2) Oct 26, 2016
Footprints successfully identified 11 out of 13 people

Pretty sure that if you combine this with canvas fingerprinting you could get 13 out of 13
not rated yet Oct 26, 2016
This is why google's tracking opt-out cookie contains a trackable unique identifier string.

In essence, if you tell Google that you don't want them to track you, they brand your browser with an unique tracking marker so that their software knows it's you, so they could then not track you, which they still do.

Google: "if you don't want us following you around, simply report yourself in voluntarily, so we don't have to."
5 / 5 (1) Oct 26, 2016
If they were to track my footprints, it would be as follows:
Looking at the news
Looking at
Looking at the news
Looking at
Looking at the news

They would be bored out of their minds!
Whydening Gyre
not rated yet Oct 26, 2016
If they were to track my footprints, it would be as follows:
Looking at the news
Looking at
Looking at the news
Looking at
Looking at the news

They would be bored out of their minds!

You mean don't hit labia lounge every once in a while...?
not rated yet Oct 26, 2016
If they were to track my footprints, it would be as follows:
Looking at the news
Looking at
Looking at the news
Looking at
Looking at the news

They would be bored out of their minds!

It doesn't affect you directly, so don't worry about it, right?
not rated yet Oct 27, 2016
So, since I don't have a twitter account and I don't use chrome I'm more anonymous.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.